Wireshark-dev: Re: [Wireshark-dev] Should payload dissectors' (RTP) packets depend on call-setu
From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Fri, 1 Jun 2012 11:51:05 -0700
On Fri, Jun 1, 2012 at 11:44 AM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
> One of the more frequently asked questions/reported bugs is users filtering
> for RTP, saving^W exporting those displayed packets, then opening the new
> capture file only to find plain UDP.  This is because the call-setup
> protocol (e.g., SIP) wasn't included in the display filter.
>
> Now we have the ability to mark frames as dependent on others.  Should, for
> example, RTP frames mark the call-setup frames as dependencies?  (I noticed
> that RTP has a Setup Frame field; would one frame really be enough?)

An alternative, but more radical, approach might be to export the
state that is needed to correctly dissect the packets.

We could lobby for an additional application-specific state record in
pcap-ng or an application-specific option field. The state could be an
ASN.1-encoded blob, or whatever.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)